abuseip.org
- Reason
- suspicious paths across 1 domains
- Hits (last hour)
- 102
- Unique targets hit
- 1
- Unique paths probed
- 101
- Detection count
- 23
- First seen
- 2026-07-13 12:18:14 UTC
- Last seen
- 2026-07-13 13:17:30 UTC
- Block expires
- 2026-07-14 13:18:01 UTC
Sample paths probed
- /nacos/v1/auth/users/login
- /servlet/AdapterHTTP?PAGE=LoginPage&NEW_SESSION=TRUE
- /knowage/servlet/AdapterHTTP?PAGE=LoginPage&NEW_SESSION=TRUE
- /jcms/admin/admin.jsp
- /admin/admin.jsp
- /login
- /jahia/administration
- /mewebmail/Mondo/Servlet/request.aspx?Cmd=LOGIN&Format=JSON
- /167.172/servlet/AdapterHTTP?PAGE=LoginPage&NEW_SESSION=TRUE
- /rest/user
- /Mondo/Servlet/request.aspx?Cmd=LOGIN&Format=JSON
- /ibm/console/j_security_check
- /auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console&redirect_uri=https%3A%2F%2F167.172.5.31%2Fauth%2Fadmin%2Fmaster%2Fconsole%2F&state=3ecb384e-8a1a-4584-9ac1-14455800629c&response_mode=fragment&response_type=code&scope=openid&nonce=9e574cbb-ed31-4083-83db-53d7e748547b&code_challenge=gaU5iDGVJvT6X3qXrc192bOGj-nI-b_hzcwURjbuXucqt&code_challenge_method=S256
- /names.nsf?Login
- /iuclid6-web/idp/user/token/issue
- /sites/web_vhost_domain_list.php
- /login/index.php
- /jasperserver/j_spring_security_check
- /jasperserver/flow.html?_flowId=searchFlow&method=getNode&provider=repositoryExplorerTreeFoldersProvider&uri=/&prefetch=%2F
- /startwlm/login.cgi
Sample User-Agents
- Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
What does this mean?
This address sent traffic that the redirs.com edge classified as automated abuse โ typically WordPress/PHP exploit scanning, credential file probing (.env, .git, .aws/), or mass-domain enumeration. The block is automatic and time-limited (24 hours from last detection).
If you believe this is a false positive, contact [email protected] with the IP and the timestamps above.